Battle For anti Ransomware should I purchase or install AppCheck or NeuShield?

Compare list
AppCheck
NeuShield

cruelsister

Level 42
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Apr 13, 2013
3,133
Ted- NeuShield has been around for a while and quite frankly I totally forgot about it. After reading your post I took the Free version for a quick dance and it proved to be VERY interesting indeed. Although it allows in all cases files to be encrypted from whatever ransomware strain is executed, those areas that are protected by default (essentially backed up) can be restored quite quickly and easily. In addition to the usual encryption routine, NeuShield did a (so far) marvelous job against diskwipers and MBR lockers where the mechanisms are immediately detected with damage being prevented.

One very minor issue noted was if the malware run contains a persistence mechanism on system restart one will have files encrypted to be restored again; this us no real problem but without the eradication of the initial infection one essentially will be playing ransom whack-a-mole until this is done.

I would like to thank you for your post as NeuShield so far has exceeded my expectations.
 

TedCruz

Level 5
Thread author
Aug 19, 2022
176
Ted- NeuShield has been around for a while and quite frankly I totally forgot about it. After reading your post I took the Free version for a quick dance and it proved to be VERY interesting indeed. Although it allows in all cases files to be encrypted from whatever ransomware strain is executed, those areas that are protected by default (essentially backed up) can be restored quite quickly and easily. In addition to the usual encryption routine, NeuShield did a (so far) marvelous job against diskwipers and MBR lockers where the mechanisms are immediately detected with damage being prevented.

One very minor issue noted was if the malware run contains a persistence mechanism on system restart one will have files encrypted to be restored again; this us no real problem but without the eradication of the initial infection one essentially will be playing ransom whack-a-mole until this is done.

I would like to thank you for your post as NeuShield so far has exceeded my expectations.
Thank you for testing! Since NeuShield performs a backup (based on what you are stating) then how much extra space does NeuShield allocate for itself? Would the constant I/O wear our SSD's prematurely?
 

Scirious

Level 2
Feb 22, 2022
91
From what I've been reading, NeuShield doesn't actually makes backups. Instead, when you make a change to a file, it doesn't allow the change to be immediately saved to the file by placing the changes to a temporary location. After it you can choose to commit the changes definitely or to revert to a previous version, in which case NeuShield just discards the changes, allowing you to access the original content. You can also set it to commit the changes after the period. For this reason, @cruelsister sees the file encryption as it won't block the ransomware per se, but allow you to discard the changes made by the virus. The only backup NeuShiled does is create system restore points to allow you to revert the system back to a safe state, but this feature is only available in the paid version.
 

TedCruz

Level 5
Thread author
Aug 19, 2022
176
You protect against ransomware just like you protect against other forms of malware. Good user habits and good security software. You don't need a separate program to do it.
Oh we fully employ a backup solution but having an extra and rapid layer of defense vs restoring from backup is preferred. As they say prevention is the best medicine especially when even the most updated system and most cautious user can have a momentary lapse of judgement
 

cruelsister

Level 42
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Apr 13, 2013
3,133
Hi Scirious! You are making an important point about Neushield in that it is much more of a disaster recovery application than a specific anti-ransomware application (which detects by malicious actions). It does actually have some ability to prevent some ransomware from working by detecting mechanisms, but this ability seems to be restricted to things like Petya, Diskwipers, MBR Lockers and the like.

Neushield does work through System Restore, although separate restore directory exists within Neushield for efficiency. A concern about this may come to mind as some ransomware have the ability to delete system restore points. It was determined that although NeuShield will allow the actual encryption of files, it will prevent Shadow copies from being deleted thus allowing trashed files to be nonetheless restored.

So NeuShield is kinda-sorta a hybrid between anti-ransom and disaster recovery.
 

TedCruz

Level 5
Thread author
Aug 19, 2022
176
The most important thing is where one should store the backup. I personally store it on an external HDD which I only connect when I need it. Otherwise, it is just sitting there in my drawer.

I see people who store the backup on a second drive, when the disaster happens, everything gets encrypted including the backup LOL.

Another important point is one should always test the backup. Create a test backup and restore it to see if it is working or not. Personally, i have never encountered a faulty backup image, but better safe than sorry.
I fully agree on storage and testing the backup. A failed backup scheme was the reason we abandoned using Acronis for Marcium since suddenly when it was needed our 2019 Acronis backup was not recoverable and we had to go all the way back to 2017 at which point it was faster to just redeploy from a fresh start.

As per backup we use the marcium 8 daily backup on a 2nd drive and a weekly backup to an cold storage cloud facility and an external media (USB 3.1 connected magnetic spinning drive).
 

Sorrento

Level 9
Verified
Well-known
Dec 7, 2021
402
I'm pretty fussy about using external backups, I have too much data to waft it up to the cloud, and it's to critical to totally rely on software so I backup on several separate drives on alternate weeks, and a (unplugged) drive next to PC often. For me it's the best but an expensive solution but I didn't buy al the drives on one day :D:D
 

TedCruz

Level 5
Thread author
Aug 19, 2022
176
I'm pretty fussy about using external backups, I have too much data to waft it up to the cloud, and it's to critical to totally rely on software so I backup on several separate drives on alternate weeks, and a (unplugged) drive next to PC often. For me it's the best but an expensive solution but I didn't buy al the drives on one day :D:D
We are running a symmetric fibre of 2 GB from att so that helps in cloud backups especially if they are incremental.
 

cruelsister

Level 42
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Apr 13, 2013
3,133
Another important point is one should always test the backup. Create a test backup and restore it to see if it is working or not. Personally, i have never encountered a faulty backup image, but better safe than sorry.
Wise advice. As to faulty images, I had one myself last month during a test. On my system I utilize both Macrium as well as Veritas System Recovery. The former had the bad image (God knows why) but with the latter the system was successfully restored.
 

Jan Willy

Level 11
Verified
Top Poster
Well-known
Jul 5, 2019
544
Why not try Kaspersky Anti-ransomware Tool? It works flawlessly along with other 3rd parties AVs.
I used it as extra layer on W.10. Light on resources and not intrusive. On W.11 with te same basic security configuration (MS Def., ConfigureDefender-max, FirewallHardening, Core Isolation, Secure Boot) Kaspersky Anti-ransomware Tool gives a warning, so I don't use it anymore.

1661069657995.png


Besides that, well worth reading:
Q&A - NeuShield post nr. 5
Q&A - Interactive Kaspersky Anti-Ransomware Tool for Business post nr. 2
 

Anthony Qian

Level 9
Verified
Well-known
Apr 17, 2021
448
I used it as extra layer on W.10. Light on resources and not intrusive. On W.11 with te same basic security configuration (MS Def., ConfigureDefender-max, FirewallHardening, Core Isolation, Secure Boot) Kaspersky Anti-ransomware Tool gives a warning, so I don't use it anymore.

View attachment 268645

Besides that, well worth reading:
Q&A - NeuShield post nr. 5
Q&A - Interactive Kaspersky Anti-Ransomware Tool for Business post nr. 2
I’m using it along with ESET on my Windows 11 laptop and I haven’t experienced any problems so far. :)
 

TedCruz

Level 5
Thread author
Aug 19, 2022
176
Why not try Kaspersky Anti-ransomware Tool? It works flawlessly along with other 3rd parties AVs.
Kaspersky is forbidden on gov networks and not advised for government employee home use. I do not want to run foul of my employer so better safe than sorry even though Kaspersky is a superior solution to many other antiviruses. I personally run Eset Premium and F-Secure along with a home built Sophos XG box and Brocade switch/AP.
 

TedCruz

Level 5
Thread author
Aug 19, 2022
176
:eek::eek: Nice, I have asymmetrical 1 gig down 50 meg up which means shoving 4 gig to the cloud would be somewhat time consuming (and retrieving) to say the least, nice setup you have :):)
Yeah I can see that being an issue. We ran ours at 3 am in order to allow for cleaner pipes.

ATT is competing with Comcast here so they have very competitive pricing. $68 for symmetric 1gb, $81 for 2 and $160 for 10.

My home network is 2.5gig Brocade switch and I don't feel like purchasing fibre switch and then running fibre throughout the house so we stopped at 2.
 
  • Like
Reactions: Dave Russo

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top